injector[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

injector.exe
Size

985KB
MD5

e5ad89e0cce625fde0ddec73721e1459
SHA1

42dbcc7f946bc373313cae17e9d940d916d24638
SHA256

8e0428963b01a1588da55251c97762e89e723105119df57f4d25480395eefb8e
SHA512

71afe5ad4bcb4099bcfd5b4944d8426887abbdee9f4d7e9946f5a50c70de7904bd781cc0d6a80d41d087a17235ba6160f835adea49930337df55281c137202b3
SSDEEP

24576:b5TUg+vOIcVZmtfA/yq+oPMIdvtkYGciFag:btg04fTqNP3vSFfs

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs
Detects executables packed with VMProtect commercial packer.
vmprotect

Processes:

resource yara_rule

sample vmprotect

resource	yara_rule
sample	vmprotect

Files

injector.exe
.exe windows x86

2822ab28412c3bd98b3bcffa6e92a3b7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

MessageBoxW

Exports

Exports

._?n��m#��$Y�:��/-�� ~̂�\�*�-6��M�K��+��37 V��G� Vځ��r_6��k4�:�$��pp��֌F�-��:S��>|`V��(��Fr�}ۋ-�T"㼙�9��Q� -��?�[�Q��_��G~1 ��q�o0LZr䤎7|�l��mv��qmO��c�ֿ�:��-��B�،o��\��Ŕ6��&�Cp+� s6 ��ot&FC^2�AD4�r}S��\�rV�Y��Ο�Bɵs�iѮ�Δ{Xz�8F�-�w��tKuA(��["+�jV(��;4ףx�v�'��o��S�%Y��֭��u��DG�`�Sf��o��M�� X��&�{�Շ�@�~�0�ZSQL2��H��&��k��e&Ǥ�9_S�F��r]��q�RU@�3�u U��d�>�w�M��M�a9�a��yZ��j�z68�A�I�57/ ��ڐ{�IL&��] ��F�J��{l%�-.�.S�Ƨ��,^��I�P��/��k�8��t��撔*Q��o�"��u�h��$I��U�Н��T��X��'��5�L$8�|�7 gP_�7�C��`�\�\n�`�:be�o�g��R��|Υ6WH��:�ͫ��3�7��瑝��}�h��e۶2��_�iA@n}DT��7�n]��_r�LxO5�� 8|�<-�橄 �sk:�<�bĳ��+�!Gl3�� g�垏e�-hi+?��^u|�H3� f��}�'%��%<�c��>��WKY3n<Z;��x��~83��of��L��b��4!��~g�e�Om�WxEs�� p�(:|��\�2��S�5�z)��W��Ȅ��7h�u�47�%�3�2��J��e��=��?CW}(�Y��Y��bS��A^��ܷ"]o�b��S�� F`du�¿+�� w��{��(QԴ�J�a�m͙߄S�Z�� w�-0`��<��S��|p�V��u�L��I��*<�)NC��%]�0�R HC �RG��qK�m��=&�9b �V|7�b�-�� .�:�RKt�<բ�� Y��z�b��҉�4M�9��B�jv��f��?L7>')�{Ok�o�U_��0��k��\��uDb3)��Ie��3��Nn"�eR�=��V�ME�D�:�h��7 �$��v&�`��Q�4�K��7;k�ER1��l+]�s�e2�(�%��ʌ��jygQ�#V��<j��i-|*!�B�Y@��v:{X��~V�G)wDq:��<��[V�,igg��m�� 3�5 Rƾ|�P�� =_��&E��p��&fB#S��v%�(p�L��6Vg�ͭX��*ȃE/��+�'j5�=]�9��&�xEط��ãQ��^�W�'��3��gQ�|?Ro�ȓ� j�ű��&��Vj8�/F{��ݪH)�4��(C z�j�g:��f2ZAju�� :x[bFK��j(P�Q��xIu��g^�ŋ葦d'(��q��aH�V��Z8M��?��P^�� ꥨd'M}��o��Ƹ��*�7�}R 1T�� f!C��f&��y�;ʎC�5��0e_��@��[��$%��S:��NA�MM&b��Z�m��ر�+m*�`�$*��y�2�9�ȣ,vb�?y:��9*��ϐ�3u͟�>��0��ѕ��[8ݪ:�?k�²�Ry�!4��?bG� )��{Je�M��ᦋq�_/��=1�^�uXH �nn 1�4��}�ԅI�a�c��D��@@�NFc��A[k �`��O ��귈ڽ��H�7�8�z��L��E��h��^�ce�.ֶ��%>�:�� 騁�6*(�`��A��c,Z�� P3ѱ%-i"#$yìlJ�)4I1E��d&�_��yM��ҹY�4�mj-�k/��e��!�g�{7F�qЎ�@_�1��x�0}mxy-��#�^͑�#��=n�Ie��h�r�B�bX��_�`�@�X�r�]%4Z��0u�q�<��[[2KLݡ:OxY��;;bKN��~C8�a��T�J�b��&�nJY�YVLL��E�ܧ��O�_m��s�h"�p��B��Z�˄�\\a#k�¯j��XpjI�`Р��Q#Je+��$?��PN4_)m,��:�8��׮�R�7�(�3��%_=M��'��i��z��^[��0ᅴ�V�7��1y�;M�,��S� ǵ[�� ì��?��ĭ��@�E��x�\��C��F{� s�U��u~O"�5�`�"s�z��w/�/Z�;��*vO X�>2&��Ǚ(��0�4gƂX�ji4��PY`Z��u� �x�W$��3��D�#�YuK㧹��+��\��O��s��Q@V��v��+A��k��b�_��;��tȜ�ƚ|��/<_��n�xq�e�e��RC �>��Hy�� tIģ\p�P��X�2�sq�j�i��n`��_��q�b�l�d�jQ�1�~ef��SQ��6�.�}Y� }�)��n��a��.0"C��m#�b�x�"�� sl�\��a��4��;58�g��#B�R@�㫰�_�oeJ�QjI!�/��#:�E�&�LX_�a��岭��Ȗ��q��0��8��<�E��|��b�`Z��2��Y�:I=�� Y짏�J,`�hb8f�E��y��_�`<�ǣu�M��l*L��S-ųxn�1�Ǧ�v��2��ݗ�6+dK��6��~��g�Vp(ҽ�>�sm'�*�NF��

Sections

.text
Size: - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 786KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 966KB - Virtual size: 965KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2822ab28412c3bd98b3bcffa6e92a3b7

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: - Virtual size: 232KB

.rdata Size: - Virtual size: 33KB

.data Size: - Virtual size: 6KB

.gfids Size: - Virtual size: 364B

.vmp0 Size: - Virtual size: 786KB

.tls Size: 512B - Virtual size: 24B

.vmp1 Size: 966KB - Virtual size: 965KB

.reloc Size: 512B - Virtual size: 408B

.rsrc Size: 17KB - Virtual size: 17KB

.text
Size: - Virtual size: 232KB

.rdata
Size: - Virtual size: 33KB

.data
Size: - Virtual size: 6KB

.gfids
Size: - Virtual size: 364B

.vmp0
Size: - Virtual size: 786KB

.tls
Size: 512B - Virtual size: 24B

.vmp1
Size: 966KB - Virtual size: 965KB

.reloc
Size: 512B - Virtual size: 408B

.rsrc
Size: 17KB - Virtual size: 17KB